Methods and systems for imaging device credential receipt and authentication

ABSTRACT

Embodiments of the present invention comprise systems, methods and devices for imaging device credential submission wherein credentials are extracted by scanning graphical indicia on user documents using a primary document scanner.

RELATED REFERENCES

This application is a continuation-in-part of U.S. patent applicationSer. No. 10/962,248, entitled “Methods and Systems for Imaging DeviceRemote Application Interaction, filed on Oct. 8, 2004; this applicationis also a continuation-in-part of U.S. patent application Ser. No.10/961,793, entitled “Methods and Systems for Imaging Device Remote FormManagement, filed on Oct. 8, 2004; this application is also acontinuation-in-part of U.S. patent application Ser. No. 10/961,911,entitled “Methods and Systems for Imaging Device Remote LocationFunctions, filed on Oct. 8, 2004; this application is also acontinuation-in-part of U.S. patent application Ser. No. 10/961,594,entitled “Methods and Systems for Imaging Device Remote documentManagement, filed on Oct. 8, 2004; and this application is also acontinuation-in-part of U.S. patent application Ser. No. 10/962,103,entitled “Methods and Systems for Imaging Device Document Translation,filed on Oct. 8, 2004; this application also claims the benefit of U.S.Provisional Patent Application No. 60/704,066, entitled “Methods andSystems for Imaging Device Applications,” filed Jul. 28, 2005.

FIELD OF THE INVENTION

Embodiments of the present invention comprise methods and systems forimaging device credential submission.

BACKGROUND

Imaging devices such as printers, copiers, scanners and fax machines canhave a wide array of functions and capabilities to fit specific uses orcombinations of uses. Imaging devices often take the form of amulti-function peripheral device (MFP) that combines the functions oftwo or more of the traditionally separated imaging devices. An MFP maycombine any number of imaging devices, but typically comprises thefunctions of a printer, scanner, copier and fax machine.

Some imaging devices may contain computing resources for data storageand processing such as processors, hard disk drives, memory and otherdevices. As imaging devices add more features and functions, they becomemore costly and complex.

More complex imaging devices and MFPs may comprise network connectivityto provide communication with other computing devices, such as personalcomputers, other imaging devices, network servers and other apparatus.This connectivity allows the imaging device to utilize off-boardresources that are available on a connected network.

Imaging devices typically have a user input panel with an array ofbuttons, knobs and other user input devices. Some devices also have adisplay panel, which can be for display only or can be a touch paneldisplay that enables user input directly on the display.

Devices with touch panel displays or displays with buttons arranged incooperation with the display can display menu data that may be selectedby user input. This menu data is typically driven by an on-board servermodule within the imaging device.

BRIEF SUMMARY OF THE INVENTION

Embodiments of the present invention comprise systems, methods anddevices for imaging device credential submission wherein credentials areextracted by scanning graphical indicia on user documents using aprimary document scanner.

Embodiments of the present invention comprise systems, methods anddevices for allowing users to be able to access resources on a securenetwork, such as a document management system, from an imaging device.

Embodiments of the present invention comprise systems, methods anddevices for interacting with a remote computing device from an imagingdevice. These embodiments comprise remote computing devices configuredto communicate with imaging devices, imaging devices configured tocommunicate with remote computing devices and systems comprising variouscombinations of remote computing devices in communication with imagingdevices.

The foregoing and other objectives, features, and advantages of theinvention will be more readily understood upon consideration of thefollowing detailed description of the invention taken in conjunctionwith the accompanying drawings.

BRIEF DESCRIPTION OF THE SEVERAL DRAWINGS

FIG. 1 is a diagram of an embodiment of the present invention comprisingan imaging device in connection with a remote computing device;

FIG. 2 is an image of an exemplary user interface for an imaging device;

FIG. 3 shows an exemplary imaging device;

FIG. 4 is a chart depicting steps of an imaging device method;

FIG. 5 is a chart depicting steps of an imaging device method using amarkup language;

FIG. 6 shows an exemplary remote computing device embodiment;

FIG. 7 is a diagram showing components of an exemplary remote computingdevice;

FIG. 8 is a chart showing steps of a remote computing device method;

FIG. 9 is a chart showing steps of a remote computing device methodusing a markup language;

FIG. 10 is a diagram showing a system comprising multiple imagingdevices in connection with a remote computing device;

FIG. 11 is a chart showing steps of a method comprising RCD processingof user input data;

FIG. 12 is a diagram showing components of some embodiments comprisinglinked resources;

FIG. 13 is a chart showing the steps of a method executed by some IDevsystem embodiments comprising user document scanning, credentialextraction and authentication;

FIG. 14 is a chart showing the steps of a method executed by some IDevsystem embodiments comprising user document scanning and sending andreceiving of authorization messages;

FIG. 15 is a chart showing the steps of a method executed by some RCDembodiments comprising credential authentication and sendingauthorization messages;

FIG. 16 is a chart showing the steps of a method executed by some RCDembodiments comprising credential extraction and authentication andsending authorization messages;

FIG. 17 is a chart showing the steps of a method executed by some systemembodiments comprising user document scanning, extraction of credentialsand access authorization; and

FIG. 18 is a chart showing the steps of a method executed by some systemembodiments comprising user document scanning, extraction of credentialsand authentication.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Embodiments of the present invention will be best understood byreference to the drawings, wherein like parts are designated by likenumerals throughout. The figures listed above are expressly incorporatedas part of this detailed description.

It will be readily understood that the components of the presentinvention, as generally described and illustrated in the figures herein,could be arranged and designed in a wide variety of differentconfigurations. Thus, the following more detailed description of theembodiments of the methods and systems of the present invention is notintended to limit the scope of the invention but it is merelyrepresentative of the presently preferred embodiments of the invention.

Elements of embodiments of the present invention may be embodied inhardware, firmware and/or software. While exemplary embodiments revealedherein may only describe one of these forms, it is to be understood thatone skilled in the art would be able to effectuate these elements in anyof these forms while resting within the scope of the present invention.

Embodiments of the present invention comprise interfaces andarchitecture that integrate imaging devices with remote computing deviceapplications and environments to provide solutions that may not bepossible solely with an imaging device alone. Some embodiments comprisean infrastructure and set of interfaces that allow applications on anetwork to programmatically control imaging device functions andinteract with a user through an imaging device input panel. Softwarefunctions that are not practical within the imaging device can beperformed on the server but are accessible from the imaging device.

For the purposes of this specification and claims, an imaging device(IDev) may be described as a device that performs an imaging function.Imaging functions comprise scanning, printing, copying, imagetransmission (sending and receiving), image conversion and otherfunctions. Exemplary imaging devices comprise printers, copiers,facsimile machines, scanners, computing devices that transmit, convertor process images and other devices. An IDev may also perform multipleimaging functions. For example, and not by way of limitation, amulti-function peripheral device (MFP), which typically has thecapability to perform a plurality of functions comprising a printer,scanner, copier and/or a facsimile machine or imagetransmitter/receiver, is a type of imaging device. Other MFP imagingdevices may comprise other combinations of functions and still qualifyas an IDev.

For the purposes of this specification and claims, a remote computingdevice (RCD) is a device capable of processing data and communicatingwith other devices through a communications link. An RCD is a remotedevice because it requires a communications link, such as a networkconnection, a telephone line, a serial cable or some other wired orwireless link to communicate with other devices such as an imagingdevice. Some exemplary RCDs are network servers, networked computers andother processing and storage devices that have communications links.

Some embodiments of the present invention may be described withreference to FIGS. 1 & 2. These embodiments comprise an imaging device(IDev) 4 that may be a multi-function peripheral device (MFP) or asingle function device. The imaging device 4 further comprises a userinterface (UI) panel 2, which may comprise input buttons 14 and adisplay device 12 or may comprise a touch panel system with or withoutbuttons 14. User input and display may also be performed through aseparate UI device 8, which may be connected to the imaging device 4 bya communication link 12, such as a USB connection, a network cable, awireless connection or some other communications link. UI device 8 maycomprise an input device, such as a keyboard or buttons as well as adisplay device, which may also be a touch screen panel. UI device 8 mayalso comprise an interface for transfer of instructions that are inputto the device 8 from a remote input device. This form of UI device 8 maycomprise memory sticks, USB memory cards and other storage devices thatmay be configured to store input for transfer to an imaging device.

These embodiments further comprise a remote computing device (RCD) 6that is linked to the imaging device 4 via a communications link 10,such as a network connection. This network connection may be a typicalwired connection or a wireless link.

Embodiments of the present invention may provide menu data from the RCD6 to the imaging device UI panel 2 or remote panel 8 via the networkconnection 10. Once this menu data is fed to the imaging device 4, an UIpanel 2, 8 on the imaging device 4 may be used to interact withapplications that run on the remote computing device 6. User inputreceived from UI panels 2, 8 may be returned directly to the remotecomputing device 6.

A Web Service is a software application identified by a Uniform ResourceIdentifier (URI), whose interfaces and binding are capable of beingdefined, described and discovered by Extensible Markup Language (XML)artifacts and supports direct interactions with other softwareapplications using XML based messages via Internet-based protocols.

An application on the remote computing device 6 may use one or more WebServices to control various features in the imaging device 4, such asenabling, disabling or setting device values or controlling devicefunctions.

Embodiments of the present invention allow network applications runningon remote computing devices to interact with the user of the imagingdevice through the imaging device I/O panel. These embodiments allowimaging device user interface (UI) control (i.e., touch panel,button/display) by applications. Some embodiments may also integratecustom display screens or menus with the native imaging device UI.Embodiments may hand off control of imaging device functions betweenstandard operation modes performed on the imaging device in response touser input to an imaging device UI and open systems modes that utilizenetwork resources, such as applications on RCDs, through user input atthe imaging device UI.

Embodiments of the present invention comprise network-based applicationsthat have full control over the imaging device UI to display text andgraphics in any format. In these embodiments, the application canprogrammatically display buttons, textboxes, graphics, etc. in anylayout desired.

In some embodiments, the UI layout is easy to program using a standardlanguage, such as a markup language. These languages comprise HypertextMarkup Language (HTML), Extensible Markup Language (XML), WirelessMarkup Language (WML), Extensible Hypertext Markup Language (XHTML) andother languages.

In some embodiments of the present invention a remote computing deviceapplication or server application is able to request a keyboard UI to bedisplayed on the imaging device display 12, 8. In some embodiments, thisfunctionality is available on the imaging device and does not need to berecreated by remote computing device applications. In some embodiments,the remote computing device may define the keyboard prompt and defaultvalues. These embodiments may comprise a remote computing device that isable to rename imaging device UI buttons, such as the OK and Cancelbuttons as well as define additional buttons.

In some embodiments, menu templates may be served to the imaging deviceUI by the imaging device itself 4 or from a remote computing device 6.

External Authorization Application

Some embodiments of the present invention may comprise a remotecomputing device application that is registered as the ExternalAuthorization server. The External Authorization application may controlaccess to the imaging device and may have top-level control of the UI.UI control may be given to this application in the same manner thatcontrol is given to an internal auditor.

In these embodiments, when an imaging device system boots, it checks tosee if an External Authorization application is registered. If so, theimaging device is placed in disabled mode and the application iscontacted to take control of the UI. If the External Authorizationserver is not available, an error message may be displayed and thedevice may remain disabled. The imaging device may periodically try tocontact the External Authorization server until it is available. Table 1below describes what entity has control of the UI, in an exemplaryembodiment, when the device is in a disabled state.

TABLE 1 UI Control in Disabled State Button Press UI Control IndicatorLights Device boots External Application None Document Filing ExternalApplication None Image Send External Application None Copy ExternalApplication None Job Status Device - standard Job Status Job Statusscreens Custom Settings Device - standard Custom N/A Settings screens OSMode Not available when device is disabledRemote Computing Device Applications

In embodiments of the present invention, access to the custom UI panelsof imaging devices may vary from application to application. Somesolutions, such as Document Management integration, may wish to leveragethe native Image Send screens, but display some custom UI's to gatheradditional information about a scan job. Other solutions, like customprinting applications, may be accessed from a separate mode than thenative functions.

In order to accommodate the diversified needs of these solutionsapplications, embodiments may support multiple integration points for UIcontrol. These integration points are based on a user action (“trigger”)for which applications may register. In some embodiments, applicationsmay be registered with target devices so that the device knows that when“trigger A” occurs on the front panel to contact “remote computingdevice B” for instructions. In exemplary embodiments, applications maybe integrated with an imaging device at any of several “trigger” points.

Remote computing devices may be registered to a specific function andcontacted when that function's hardware key is pressed (e.g. Image Send)on the imaging device UI. Any UI information provided by the remotecomputing device may be displayed instead of the standard functionscreens native to the imaging device. This trigger may be used forapplications that wish to replace the existing functions with completelycustom UI's, such as an alternative scan solution or a specializeddisplay, such as a “Section 508” compatible screen or otherspecialized-need interface that may have large buttons or otheraccommodations.

In some embodiments, each function on the imaging device may have a menuon the touch screen that remote computing devices, such as servers, canregister. This enables solutions applications to provide custom contentand still use some of the standard functionality provided by the imagingdevice. When a button assigned to a custom application is selected, amenu will be displayed with the solutions registered to that function.Users may select the desired solution and the remote computing devicewill be contacted for instructions.

In some embodiments, a stand-alone RCD mode that provides remotecomputing device application access can be accessed from the job queueportion of the UI that is displayed on every screen. This trigger pointmay be used for applications that do not fit within one of the standarddevice functions, such as custom printing solutions on an imagingdevice. When the RCD menu is selected, a menu will be displayed with thesolutions applications registered to the generic RCD mode. Users willselect the desired solution and the remote computing device will becontacted for instructions.

Hardware Key Interaction

In some embodiments of the present invention, when an imaging device isenabled, additional hardware keys may be used to manage the device.Hardware key assignments for an exemplary embodiment are shown in table2.

TABLE 2 Exemplary Hardware Key Assignments Button Press Standard IDevMode RCD Mode Mode keys (Copy, Clear current job Clear current job DocFiling, settings, move to settings, move to target Image Send) andtarget screen screen Custom Settings key Job Status key Move to JobStatus, Move to Job Status, maintain current maintain current settings &UI location settings & UI location Clear (C) Clears settings Sends clearevent to external application Clear All (CA) Clears settings, Cancelsjob and returns cancels job, and to default IDev screen returns todefault (notification sent to IDev screen external application) **WhenExternal Authorization is controlling the UI, only notification is sentStart Initiates scan function Initiates scan function Number keys Inputfor copy count Not used or fax numbers * Logs user out (disable Logsuser out (disable device and contact device and contact ExternalAuthorization External Authorization for screens) for screens)

In some embodiments, in addition to the * key for logout, a timeoutperiod may be implemented. Some embodiments also comprise an auto clearsetting that can be configured for a given period of time, such as 10 to240 seconds (or disabled). In these embodiments, when there is noactivity for the time configured in auto clear, the device mayautomatically return to disabled mode and attempt to contact a remotecomputing device to retake control of the UI.

Error & Jam Notifications

Depending on a particular solution, a remote computing deviceapplication may have full or only partial control of the imaging deviceUI and a particular imaging job. In some embodiments, partial controlmay include cases where a remote computing device is monitoring clicks,but native modes are responsible for the UI interaction and controllingthe job. Partial control may also include cases where the remotecomputing device application is integrated with a native mode (UItrigger=function custom menu). In these embodiments, the imaging devicemay handle all error and jam notifications with only a notification sentto the relevant remote computing device application.

For some embodiments, in cases where the remote computing deviceapplication has full control over the UI and the job, error and jamnotifications may be handled differently depending on the type of error.For recoverable errors, a notification may be sent to the remotecomputing device application and the application may be responsible fordisplaying messages and resolving the error. For non-recoverable errors,the imaging device and RCD mode may interact to gracefully handle theerror condition (e.g. provide user with instructions for clearing jam).

Control Handoffs

In some embodiments, at different points throughout an imaging job,several applications may need control over an imaging device including,but not limited to, an External Authorization application, a standardRCD application, an imaging device native mode and other applications.The following section describes, for an exemplary embodiment, thevarious steps in an exemplary job, the entities that may have controlduring each step, and what type of control may be allowed.

Step 1: User provides credentials to access the device at the device UI.This step may be controlled by a remote computing device, such as anExternal Authorization application or by Internal Accounting (nativemode) in the imaging device itself. At the end of this step, the deviceis enabled. The External Authorization application may also specifydefault parameters or disable specific job parameters (e.g. default fileformat is PDF, but user may change; color mode is set to B/W and usermay not change).

Step 2: User sets parameters for the job using one of the native imagingdevice modes or a standard RCD application. At the end of this step theuser makes an input to initiate the job. When the input is made, anoptional notification may be sent to the standard RCD application, whichcan then change job parameters if desired. An e-mail application is oneexample of an application that may request notification when the userinput is made. A user may use native Image Send screens or other inputto select scan options and choose e-mail recipients. A user may thenselect a custom application button and choose the scan-to-e-mail optionfrom the menu. The e-mail application may then display custom screensfor the user to set permissions for the file. Once a user places theoriginal document(s) on the scanner and initiates the process, thee-mail application may capture the destination parameters set by theuser and change the target destination to the e-mail application FTPserver. The e-mail application may then receive the file, apply theappropriate permissions, and send to the e-mail recipients selected bythe user. A remote computing device application may also want to retakecontrol of the UI at this point, if, as in some embodiments, theapplication generates thumbnails of the scanned images and displays themto the user for verification.

Step 3: Once the job is initiated, the imaging device is responsible forscanning or RIPing the job and spooling it to the HDD. If the imagingdevice is configured to authorize jobs with an external authorizationapplication, it may send a click report to the application and wait forinstructions. The external authorization application may enable the jobfor sending/printing, cancel the job, or change job parameters (and thenenable). As ah example, a rules-based printing application may wish tochange job parameters after it receives a click report. Some rules-basedprinting applications support rules-based printing and scanning that canlimit what each user is allowed to do based on the time of day, thedestination, or many other parameters. For example, only users in themarketing group may be able to scan high-quality color images. If a userfrom another group selects color and 600 dpi, a rules-based applicationmay change the parameters to color and 200 dpi. At the end of this stepthe job should either be authorized or canceled.

Step 4: In some embodiments, this may be an optional step, where thestandard RCD application in step 2 may have specified the destination asa HDD for temporary storage. This step may also be used, in someembodiments, by a Java application running on the imaging device. Forexample, a government office may have a custom encryption applicationrunning on the device that takes the scanned document, encrypts it, andthen requests the imaging device to send it to the target destinationselected by the user in step 2. In some embodiments, it may bebeneficial to send a notification to the external authorizationapplication after this step—because the imaging device does not know howlong the file will be on the HDD or what the application is going to dowith it—and after the send/print step.

Step 5: In the final step, the file is actually output. In typicalembodiments, the file is either sent over the network or printedlocally. At the end of this step, a notification that the job wassuccessfully completed should be sent to the external authorizationapplication and optionally, to the standard RCD application.

Device Control and Management API's

The API's may be used to allow a remote computing device application tocontrol access to an imaging device for vend applications and to managethe device from a remote location.

Device Control and Vend API

In some embodiments of the present invention, a Device Control and VendAPI allows applications to enable and disable access to the device andtrack click counts. The Device Control and Vend API may provide an RCDwith the following controls:

Enable/disable device of function—this may allow an RCD to enable ordisable access to the device as a whole or by function to enforceindividual user privileges. In some exemplary embodiments, the functionslisted in Table 3 may be selectively enabled or disabled by anapplication.

TABLE 3 Device Functions Enable/Disable Description Copy Copy function(Copy button) Image Send Scan and fax function, plus send from DocFiling (Image Send button) Document Filing All access to Document Filingfunctions (Document Filing button) Print Network prints, pull print fromfront panel, and print from Document Filing (No button control)

Report clicks used—at the end of a successful job, the clicks used maybe reported back to an RCD including:

TABLE 4 Job and Page Characteristics Fax PC- E-mail/ Broad- Scan ItemCopy Print Send Fax FTP cast to HD JOB Characteristics Job Mode Yes YesYes Yes Yes Yes Yes Broadcast No No Yes Yes Yes Yes No Manage No. UserName Yes Yes Yes Yes Yes Yes Yes Address No No Yes Yes Yes # No StartTime Yes Yes Yes Yes Yes Yes Yes End Time Yes Yes Yes Yes Yes Yes YesTotal Page Yes Yes Yes Yes Yes Yes Yes Result Yes Yes Yes Yes Yes YesYes Error Cause No No Yes Yes Yes Yes No Doc Filing Yes Yes Yes Yes YesYes Yes Save Mode *1 *1 *1 *1 *1 *1 *1 File Name *1 Yes *1 Yes Yes *1Yes File Size Yes Yes *1 *1 *1 *1 Yes Resolution Yes Yes Yes Yes Yes YesYes Special Yes Yes Yes No Yes Yes Yes Finishing Yes Yes No No No No NoFile Format No No No No Yes Yes No Compression No No No No Yes Yes NoPAGE Characteristics Copy Yes Yes Yes Yes Yes # Yes Paper Size Yes YesYes Yes Yes Yes Yes Simplex/duplex Yes Yes Yes Yes Yes Yes Yes PaperType Yes Yes Yes Yes No No Yes Page Yes Yes Yes Yes Yes Yes Yes *1 - Yeswhen Document Filing is used

Debit mode—in these embodiments, when an application enables the deviceit may specify if the current job requires authorization. If so, the jobwill be spooled to memory and click information (e.g., as defined inTable 4) will be sent to an RCD. An RCD will then notify the device ifthe job should be deleted or output/sent. At this point, the applicationalso has the option of changing job parameters. If the application doesnot require authorization, the job will continue as normal and a clickreport will be sent at the end of the job.

Print job accounting—in these embodiments, an RCD may wish to monitorprint jobs along with walk-up functions. For print job accounting, anIDev may monitor all incoming print jobs and send accounting data in thePJL header to an RCD for verification before printing the job. The RCDwill evaluate the accounting data (or lack thereof) and inform the IDevto continue with or cancel the job.

Report on unidentified jobs—in these embodiments, an RCD may also wishto monitor print jobs that it cannot associate to a specific user, suchas device reports and incoming fax jobs. The RCD can register to receiveclick counts for all unidentified jobs, so that it may bill them to ageneral account.

Device Management API

In some embodiments of the present invention, a Device Management APIallows a network application to remotely setup and manage the imagingdevice. In exemplary embodiments, the Device Management API may providean RCD with the following controls:

-   -   Device status—an RCD may request the current status of the        device. This is the same status information as reported on the        embedded web pages.    -   Device configuration—an RCD can retrieve a list of installed        options supported by the device.    -   Web Page settings—an RCD application can retrieve and set any of        the values that are configurable on the embedded web pages.    -   Key Operator Programs—an RCD application can retrieve and set        any of the values that are configurable in Key Operator        Programs, including software keys.    -   Custom Settings—an RCD application can retrieve and set any of        the values that are configurable in Custom Settings.    -   Job Status—an RCD application can retrieve the current job queue        and history information and reprioritize or delete jobs in the        queue.    -   Click counts—an RCD application can retrieve device total counts        and clicks for each function by account code.    -   Data Security settings—an RCD application may retrieve the        status information on the DSK (e.g. last erase) and initiate        data clear functions.    -   RED data—an RCD can retrieve all data typically sent in a RED        message.    -   Remote reboot—an RCD can initiate a reboot of the imaging        device.

The above groupings are provided only as an exemplary embodimentdetailing which settings should be included. In some embodiments, actualAPI's should be grouped by functional areas since there may be overlapbetween Key Operator settings and web page settings.

Internal Accounting API

In some embodiments, an Internal Accounting API may allow a remotecomputing device application to configure internal accounting and reportclick counts. In some exemplary embodiments an Internal Accounting APImay include:

-   -   Set Auditing Options—an RCD may set auditing options including        which modes auditing is enabled for, “account number security”,        and “cancel jobs of invalid accounts.”    -   Manage Account Codes—an RCD can add, edit, or delete account        codes    -   Account Limits—an RCD application can specify a maximum number        of clicks by function for individual account codes or for all        account codes    -   Account Reset—an RCD application can reset the click count for        an individual account or for all accounts    -   Retrieve Clicks—an RCD can retrieve the number of clicks by        function for each account code        Font and Form Management API

Some embodiments of the present invention may comprise a Font and FormManagement API, which allows an RCD application to remotely download andmanage fonts and forms in mass-storage. In some exemplary embodiments, aFont and Form Management API may provide a remote computing device withthe following controls:

-   -   Mass storage control—an RCD application can retrieve mass        storage status information including storage capacity, space        available, and write-protect mode plus modify write-protect        status.    -   Resource list—an RCD application can retrieve a list of stored        fonts and forms including font or macro ID, font number,        font/form name, escape sequence, and file size.    -   Download resource—an RCD application can download PCL fonts, PCL        macros, and PS fonts and forms. Any special processing that is        performed when a resource is downloaded via the web pages will        also be performed when the resource is downloaded via Open        Systems.    -   Delete resource—an RCD application can delete any resource        stored in mass storage.    -   Upload resources—an RCD application can upload an individual or        all resources. On devices where effective memory management is        unavailable, a server application can use this function to        “defrag” mass storage.    -   Font/macro ID's—an RCD application can assign or modify the ID's        assigned to PCL fonts and macros.        Firmware Management API

In some embodiments of the present invention, a Firmware Management APImay allow a remote computing device or network application to remotelydownload and manage the imaging device firmware. In some exemplaryembodiments, a Firmware Management API may provide a remote computingdevice (e.g., a server) with the following controls:

-   -   Firmware versions—an RCD application can retrieve the current        firmware version numbers.    -   Service mode—an RCD application can place the MFP in service        mode to lockout other jobs that will interfere with firmware        upgrade. Upon receiving a service mode request, the IDev will        stop accepting incoming jobs, complete all jobs in the queue,        and then notify the server that it is in service mode.    -   Update firmware—an RCD can download an updated firmware version        to the device. If a reboot is necessary, the IDev will perform        it automatically when download is complete.    -   Download status—the IDev will send a status notification        (success/error) to an RCD after firmware download.    -   Revert to previous version—if firmware update is not successful,        the application can request the IDev to revert to the previous        firmware version.

Device Function API's

In some embodiments of the present invention, device function API'sallow a remote computing device application to use existing imagingdevice functionality to provide new custom solutions.

Image Send API

In some embodiments, an Image Send API may provide the remote computingdevice application with the following controls:

-   -   Image Send Parameters—a remote computing device application can        get and set values for the following scan and fax parameters:        -   COLOR OR B/W        -   IMAGE MODE—TEXT, TEXT/PHOTO, PHOTO; EXPOSURE LEVEL        -   RESOLUTION        -   FILE FORMAT—FILE TYPE, COMPRESSION, AND PAGES PER FILE        -   ORIGINAL—ORIGINAL SIZE, SIMPLEX/DUPLEX, ROTATE, AND JOB            BUILD        -   FILENAME        -   SUBJECT        -   MESSAGE        -   SENDER        -   SCHEDULE SEND TIME        -   PAGE DIVISION (BOOK SCANNING)        -   COVER PAGE        -   TRANSMISSION MESSAGE (CONFIDENTIAL, URGENT, ETC.)        -   THIN PAPER SCANNING        -   DESTINATION        -   DOCUMENT FILING    -   Initiate Scan—the remote computing device application can        initiate the scan function (same as user pressing start button).

In some embodiments, a remote computing device can change the defaultvalues on the imaging device or the values for the current job. For thecurrent job, the remote computing device may also specify if scanparameters may be modified by the user or not. If one remote computingdevice application (e.g. Access Control) specifies that a parametercannot be changed and then a second application (e.g. DocumentManagement) tries to set the parameter, a notification may be sent tothe second application and the setting will not be changed.

Print API

In some embodiments, print jobs may be submitted by remote computingdevice applications using standard printing channels. In some exemplaryembodiments, a Print API may provide a remote computing device with thefollowing additional control:

-   -   PJL sniffing—an RCD application can register with the IDev to be        contacted for instructions when a specific PJL command is found        in a print job. The RCD can then instruct the IDev to replace        the command, cancel the job, or continue printing. This        interface may be used in applications like accounting and        other-brand compatibility.        Copy API

In some embodiments of the present invention, a Copy API may provide aremote computing device with the following exemplary controls:

-   -   Copy Parameters—an RCD application can get and set values for        the following copy parameters:        -   COLOR OR B/W        -   EXPOSURE—TEXT, TEXT/PHOTO, PHOTO, SUPER PHOTO; EXPOSURE            LEVEL        -   PAPER SELECT (BY TRAY)        -   COPY RATIO        -   2-SIDED COPY—1TO1, 1TO2, 2TO2, 2TO1; BINDING EDGE        -   OUTPUT—OUTPUT TRAY, SORT, STAPLE, GROUP, OFFSET        -   ORIGINAL SIZE        -   SPECIAL FUNCTIONS—MARGIN SHIFT, ERASE, PAMPHLET, ETC.        -   DOCUMENT FILING    -   Initiate Copy—an RCD application can initiate the copy function        (same as user pressing start button).

In some embodiments, a remote computing device can change the defaultvalues on the imaging device or the values for the current job. For thecurrent job, the remote computing device may also specify if copyparameters may be modified by the user or not.

Document Filing API

In some embodiments of the present invention, a Document Filing API mayprovide a remote computing device with the following exemplary controls:

-   -   Backup/restore—the remote computing device application can        import and export a batch file with all Document Filing data. In        some embodiments, this package will be in a proprietary format        since it contains documents that are password-protected and        should not be accessed individually—this is typically for        restore in case of failure or cloning to other devices.    -   File/folder list—the remote computing device application can        retrieve, modify, and create new files and folders to be stored        on the IDev (also covered in device management).    -   Download file—the remote computing device can download a new        file to the Document Filing systems and specify folder,        filename, username, and password.    -   User list—the remote computing device application can retrieve,        modify, and create new users to be stored on the IDev (also        covered in device management).    -   HDD Status—the remote computing device application can retrieve        the current HDD status including the % allocated to the main        folder, quick folder, and custom folders and the % remaining.    -   Doc Filing Parameters—the remote computing device application        can get and set values for storing a file to Doc Filing        including:        -   EXPOSURE        -   RESOLUTION        -   ORIGINAL—SIZE, SIMPLEX/DUPLEX        -   FILE INFORMATION—USERNAME, FILENAME, FOLDER, CONFIDENTIAL,            PASSWORD        -   SPECIAL MODES—ERASE, DUAL PAGE COPY, 2IN1, JOB BUILD, CARD            SHOT    -   Initiate Print—the remote computing device application can        select a stored file and initiate a print including the        following parameters:        -   PAPER SIZE/SOURCE        -   OUTPUT—SORT/GROUP, OUTPUT TRAY, STAPLE, PUNCH, OFFSET        -   SIMPLEX/DUPLEX (TABLET/BOOKLET)        -   TANDEM PRINT        -   NUMBER OF COPIES        -   DELETE OR STORE AFTER PRINTING    -   Initiate Send—the remote computing device application can select        a stored file and initiate a send including the following        parameters:        -   RESOLUTION        -   FILE FORMAT        -   DESTINATION        -   TIMER        -   SENDER        -   FILENAME        -   SUBJECT        -   MESSAGE

Security

Allowing external applications to control an imaging device opens up theimaging device to new security vulnerabilities. In embodiments of thepresent invention that provide some security measures, the followingexemplary items are security concerns that may be addressed by theremote computing device interface.

Access to remote computing device interfaces may be limited to validapplications. Embodiments provide extensive access and control of theimaging device, which poses a significant security risk. The interfaceof these embodiments may be protected from access by attackers, whilemaintaining ease of setup and use for valid solutions.

Confidential data (user credentials and job data) may be protectedduring network transfer. User credentials and job data may be securedduring network transfer to ensure that it cannot be stolen, an intrudercannot monitor device activity, and a man-in-the-middle attack cannotchange messages. Imaging devices may support Secure Sockets Layer (SSL)and other connections to ensure data is safe while being communicatedbetween the imaging device and remote computing device applications.

Administrators may have the ability to lock-down imaging device access.For users with strict security policies, administrators may have theability to disable access by remote computing devices or limit access tospecific applications. Administrators may have an option to register thelimited applications that they wish to access the imaging deviceinterfaces.

Remote computing device applications may ensure the imaging device isnot being “spoofed.” The remote computing device may be able toauthenticate an imaging device that it is contract with it to ensure anintruder cannot imitate the imaging device to collect networkconfiguration and password information, monitor file/folder structuresof a document management system, or spoof security settings and DSKstatus of the imaging device.

A remote computing device may ensure that the server is not being“spoofed.” The imaging device must be able to authenticate all remotecomputing devices that it is in contact with to ensure that an intruderis not spoofing the remote computing device's IP address. By pretendingto be the remote computing device, an intruder could steal usercredentials, redirect scanned documents, change device settings orfirmware, or bring down the access control system (either to provideaccess to unauthorized users or initiate a denial of service attack forvalid users).

Access control/vend applications may not be compromised when a remotecomputing device is unavailable. When the remote computing device isunavailable, it may not be acceptable to provide open access to thedevice. If the remote computing device is unavailable at startup orbecomes unavailable at anytime (e.g. someone disconnects network cable),the imaging device may immediately be disabled and an error messagedisplayed.

An administrator may be able to adjust a security level based on companyand application requirements. Security requirements can have a largeimpact on the time it takes to develop a remote computing deviceapplication and the resources required to implement the solution. Usersusing some embodiments may range from a small business with one imagingdevice, no IT staff, and a simple scan or print application to a largegovernment office using access control and audit trails to track alldevice activity. The security measures used to protect imaging deviceinterfaces may be adjustable by the administrator to match the targetenvironment.

The imaging device and remote computing device applications may be ableto hand-off user credentials. Users may be prompted to login at multiplepoints throughout a job. For example, an access control application oraccounting application may control total device access, the imagingdevice may have user authentication enabled for Image Send, and adocument management application may require user login before showing afolder list. In many environments, all of these applications will use acommon user database. In some embodiments, it is, therefore, desirablefor the applications to pass user credentials to each other, so thateach one does not have to repeat the authentication process.

Some embodiments of the present invention may be described withreference to FIG. 3. These embodiments comprise an imaging device only,which is configured to interact with a remote computing device, such asa server through a communications link. The imaging device 30 comprisesa user interface 32, which comprises a user input device 34, such as akeypad, one or more buttons, knobs or switches or a touch-screen paneland a display 36, which may comprise user input device 34 in the form ofa touch-screen panel.

Imaging device 30 will typically be capable of performing one or moreimaging functions including, but not limited to, scanning, printing,copying, facsimile transmission (sending and receiving) and others.

These embodiments further comprise a communications link 38, which maybe a wired connection (as shown in FIG. 3) comprising a network cable, aUniversal Serial Bus (USB) cable, a serial cable, a parallel cable, apowerline communication connection such as a HomePlug connection orother wired connections. Alternatively, the communications link 38 maycomprise a wireless connection, such as an IEEE 802.11(b) compliantconnection, a Bluetooth connection, an Infrared Data Association (IrDA)connection or some other wireless connection.

The operation of some imaging device embodiments may be explained withreference to FIG. 4. In these embodiments, menu data is received 40 froma remote computing device (not shown in FIG. 3), which is connected tothe imaging device 30 via the communication link 38 through a wired orwireless connection. This menu data is then displayed 42 on the imagingdevice user interface display 36. This display of remote menu data isintended to prompt a user to make an input on the user interface inputdevice 34.

Imaging devices of these embodiments are further configured to acceptinput from a user in response to a display of remote menu data andcommunicate 44 that user input to a remote computing device. In someembodiments, this user input data will be processed by a remotecomputing device. This may comprise running an application on the remotecomputing device. This processing may also comprise accessing andcommunicating data that is stored on the remote computing device.

The imaging devices of these embodiments are further configured toreceive 46 data resulting from processing the user input data. This maycomprise data generated by an application running on the remotecomputing device in response to the user input. The imaging device mayalso receive data that was stored on a remote computing device, such asa file server, in response to processing the user input.

Once the imaging device 30 has received 46 the processed data, theimaging device 30 may perform 48 a native function in response to thedata or using the data. For example, and not be way of limitation, theimaging device 30 may print a document that was stored on the remotecomputing device and modified on the remote computing device accordingto the user input. As another non-limiting example, the imaging device30 may active or enable functions (i.e., scanning, copying, printing,fax transmission) on the imaging device in response to the receipt 46 ofprocessed data.

Some, more specific, imaging device embodiments may be explained withreference to FIG. 5. In these embodiments, the imaging device 30 isconfigured to receive 50 menu data formatted in a markup language from aremote computing device. The communication link by which the menu datais communicated may be established and maintained using a HypertextTransfer Protocol (HTTP). The markup language may comprise terms fromHypertext Markup Language (HTML), Extensible Markup Language (XML),Wireless Markup Language (WML), Extensible Hypertext Markup Language(XHTML) and/or other languages.

Once the menu data is received 50, it may be displayed 52 on the imagingdevice user interface display 36. As in previously describedembodiments, the menu data is typically intended to prompt user input onimaging device user interface 32. Display 52 of the remotely-stored menudata may be accomplished with a browser application that is native tothe imaging device 30.

In these embodiments, the imaging device 30 is further configured toroute 54 user input received though its user interface 32 to a remotecomputing device. The remote computing device that receives the userinput may then run an application or otherwise process the user inputand return the results of the processing to the imaging device 30.Accordingly, the imaging device 30 is further configured to receive 56processed data from a remote computing device. In some embodiments, theimaging device 30 may perform one or more functions in response to thereceipt 56 of processed data.

Some embodiments of the present invention may be explained withreference to FIG. 6. These embodiments comprise a remote computingdevice (RCD) 60, which has a communications link 64. Communications link64 may be a wired connection (as shown in FIG. 6) comprising a networkcable, a Universal Serial Bus (USB) cable, a serial cable, a parallelcable, a powerline communication connection such as a HomePlugconnection or other wired connections. Alternatively, the communicationslink 64 may comprise a wireless connection, such as an IEEE 802.11(b)compliant connection, a Bluetooth connection, an Infrared connection,such as those defined in the Infrared Data Association (IrDA) standardor some other wireless connection. In some embodiments, RCD 60 mayfurther comprise a data storage device 62, which is typically a harddrive, but may also be an optical drive device, such as an array ofcompact disk drives, flash memory or some other storage device.

Embodiments of RCD 60 may be further described with reference to FIG. 7.In these embodiments, RCD 60 comprises a processor 72 for processingdata and running programs such as operating systems and applications.RCD 60 may further comprise memory 74, which may be in the form ofRandom Access Memory (RAM) and Read Only Memory (ROM). Generally, anyapplications processed by processor 72 will be loaded into memory 74.RCD 60 may further comprise a network interface 78, which allows RCD 60to communicate with other devices, such as an imaging device 30. In someembodiments, RCD 60 may also comprise a user interface 80, but this isnot required in many embodiments. Storage 62 may be used to storeapplications and data that may be accessed by an imaging device 30 ofembodiments of the present invention. Processor 72, memory 74, storage62, network interface 78 and, optionally, user interface 80 aretypically linked by a system bus 76 to enable data transfer between eachcomponent. Communications link 64 may couple the RCD 60 to other devicesvia network interface 78.

In some embodiments, described with reference to FIG. 8, an RCD 60 maycomprise menu data stored on storage device 62 or in memory 74. Thismenu data may be configured for display on an imaging device userinterface 32. Menu data may be stored in many formats andconfigurations. In some embodiments menu data may take the form of termsexpressed with a markup language. The markup language may comprise termsfrom Hypertext Markup Language (HTML), Extensible Markup Language (XML),Wireless Markup Language (WML), Extensible Hypertext Markup Language(XHTML) and/or other languages. In these embodiments, menu data may besent 82 through a communications link 64 to an imaging device 30.Accordingly, menu data configured for display on an imaging device isstored on RCD 60.

An RCD 60, of some embodiments, will be further configured to receive 84user input obtained through the user interface 32 of an imaging device30 and transferred to the RCD 60 over communications links 38 & 64. Oncethis input data is received at an RCD 60, the input data may beprocessed 86. This processing 86 may comprise conversion of the data toa new format, execution of commands contained within the data or someother process. Once the input data has been processed 86, the processedoutput may be sent 88 back to the imaging device 30 where the processedoutput may be used in an imaging device process or function.

In some embodiments, as described with reference to FIG. 9, an RCD 60may send 90 menu data configured for an imaging device display 36 usinga markup language. The markup language menu data is then received at theimaging device 30 and displayed to a user. Typically, this will promptthe user to enter an input on the imaging device user interface 32. Thisuser input will then be sent by the imaging device 30 to the RCD 60. TheRCD 60 will then receive 92 the input data prompted by the display ofthe menu data on the imaging device 30. Once received, the input datamay be processed 94 on the RCD 60. Processing may comprise theselection, recordation and/or modification of a form, document or otherdata stored on RCD 60, the authorization of a user identified by theuser input, the translation of a document input by the user, generationof a map or other directions related to user input or some other processor function.

Some embodiments of the present invention may be described withreference to FIGS. 10 & 11. These embodiments comprise at least one RCD60 and a plurality of imaging devices 30 a-30 d. In these embodiments,at least one of the imaging devices 30 a-30 d comprises a user interface32 with a display 36 and user input panel 34 that is integral with thedisplay (i.e., touch-screen) or a separate input unit. RCD 60 isconnected to imaging devices 30 a-30 d by a communications link andnetwork 100 to enable data transmission between RCD 60 and imagingdevices 30 a-30 d.

In these embodiments, menu data is stored on RCD 60 and sent 110 to atleast one of the imaging devices 30 a-30 d where the menu data isdisplayed on a user interface. Any of Imaging devices 30 a-30 d thatreceive the menu data are configured to accept 112 and transmit 114 userinput to an RCD 60. Once the user input data is received at the RCD, thedata may be processed 116 as discussed in previously describedembodiments. The result of processing 116 may then be sent 118 back toany combination of the imaging devices 30 a-30 d.

In these embodiments, a single RCD 60 may be used to provide processingpower, resources and functionality to a plurality of imaging devices 30a-30 d without reproducing these resources in each imaging device. Insome embodiments, data generated by input on one imaging device 30 a maybe directed to another imaging device 30 d for processed data output orfinal processing.

Some embodiments of the present invention may be described withreference to FIG. 12. In these embodiments, an imaging device (IDev) 120comprises a user interface 124, which is capable of receiving user inputand displaying data to a user. The user interface 124 will typicallycomprise a display, often in the form of a touch panel. The display maybe used to display data to a user. This data may comprise menu data toprompt for a user selection or data entry, such as a user ID andpassword, form selection or some other input. An IDev 120 will typicallyalso comprise a primary document scanner 121 with which documents may bescanned to make copies or files. The primary document scanner istypically capable of scanning sheets of common media, such as letter orlegal size paper as well as other sizes. The primary document scannermay typically scan text documents, photographs, graphics and other mediacontent. Generally, various resolutions are available for files andoutput from scanned images. A primary document scanner may produceoutput as a scanned image in the form of an image file, which may beprinted to make a copy of the original document, may be stored forfuture use or may be transmitted to a remote device. The imaging device120 has a communication link 122, which may comprise a typical computernetwork connection, a serial cable or some other wired or wirelesscommunication link as described in other embodiments. The communicationlink 122 may connect the imaging device 120 to a remote computing device(RCD) 126 a, 126 b, such as a server. The RCD 126 a, 126 b may be usedto store documents, such as forms, and other data and make that dataaccessible from the imaging device 120. The RCD 126 a, 126 b may alsoexecute applications that interact with or receive input from theimaging device 120 and its user interface 124. In some embodiments, adatabase 125 may be linked to the imaging device 120 and/or an RCD 126a, 126 b. In some embodiments, an RCD 126 b or database 125 may beconnected to an IDev 120 over a wide area network such as the internet128.

Credential Embodiments

Some embodiments of the present invention comprise credential submissionand authentication for access to IDev functions or linked resources,such as remote applications. In some embodiments, an imaging device(IDev), such as a multi-function peripheral (MFP) imaging device may becontrolled by an access management system, which restricts the use ofthe device's resources and linked network applications. In this type ofdevice/function control system, a user must typically identify herselfand an associated account with some type of logon activity. In somesystems, this can be performed through an authentication procedure atthe MFP.

In some embodiments, an MFP may be controlled by software, hardwareand/or firmware that may be capable of extracting user credentials froma scanned image. These credentials can be used to restrict access to MFPfunctions such as scanning, copying and printing. Credentials may alsobe used to restrict access to resources located on a remote computingdevice or network device, such as an accounting system or documentmanagement system.

In some embodiments of the present invention, a document may containgraphical indicia such as barcodes, special symbols, specific text,stenographic codes or any form of graphical representation that can beinterpreted by an application. This graphical indicia may be scannedusing a primary device scanner. User credentials may be extracted fromthe scanned image and used to authenticate a user. Once a user isidentified and associated with an account, device or system restrictionsmay be lifted.

Documents that may be scanned in these embodiments may comprise sheetmedia, such as printed pages, cards, badges, envelopes and other sheetscomposed of paper, mylar, plastic and other media. These documents mayalso comprise three-dimensional objects that comprise at least onesurface that is suitable for scanning on a primary document scanner.

The graphical indicia incorporated into these documents may beassociated with user credentials, such as user identification, useraccount data, user device usage history, user-associated device functionrestrictions and other user- or account-specific data.

In some embodiments, graphical indicia may be incorporated into adocument at the time the document is printed. Data may be automaticallyobtained from user account data or may be input on a device userinterface (UI) when the document is created. This data may then beencoded into graphical indicia that is printed onto a page. When thepage, or other form of document, is later scanned, the indicia may bedecoded to identify user data.

In some embodiments, graphical indicia may comprise text strings thatare incorporated in an image. In these embodiments, an optical characterrecognition (OCR) application may be used to identify text elements andtranslate them to a text-based format.

Known systems lack the ability to submit user credentials by scanning auser owned document using only the primary device scanner. A system withthe ability to authenticate user credentials and authorize user accesswithout the need of additional peripheral devices and processes willallow a system to operate more efficiently.

Some embodiments of the present invention may comprise a stand-aloneimaging device (IDev) with internal processing capabilities. Otherembodiments may comprise an imaging device (IDev) in communication withone or more remote computing devices (RCDs).

Some embodiments of the present invention may be described in relationto FIG. 13. These embodiments comprise methods and systems for scanninggraphical indicia 130 on a user document with an IDev's primary documentscanner 121. Credentials may be extracted 132 from the scanned image. Inthese embodiments, the IDev may send these credentials 133 to anauthentication application located on a remote computing device (RCD).The IDev may then receive an “access denied” 137 message if thecredentials are not authorized. Alternatively, the IDev may assume thataccess is denied when no approval message is received. When thecredentials are approved and access is authorized, an “access allowed”138 message may be sent by the RCD and received at the IDev.

In an exemplary embodiment, related to those depicted in FIG. 13, a usermay read prompts in the form of text and/or graphics displayed on animaging device UI display prompting the user to scan credentials. Inresponse to these prompts, the user may place a document on the scanningsurface and scan 130 a document containing some type of graphicalindicia using the primary scanner on the IDev. For example, a userdocument may include a sheet of paper, a badge, a card or some otherobject that may be scanned. The document may contain graphical indiciain the form of a barcode, symbol, signature or any form of graphicalrepresentation that can be successfully interpreted by a computerapplication. The IDev may then extract 132 credentials from the scannedimage and send 133 the credentials to an RCD for authentication. Ifauthentication is successful, the user may be authorized 136 to performa job. This job may comprise the use of an IDev function, the use of aremote application or some other job controlled by the RCD andaccessible through the IDev.

In some embodiments of the present invention, the credential data may besent from the IDev to the RCD using an XML/SOAP package. Theauthorization message from the RCD to the IDev may also be accomplishedusing an XML/SOAP package. In some embodiments, the authorization maycomprise sending browser content to the IDev browser.

Some embodiments of the present invention, illustrated in FIG. 14,comprise scanning 140 graphical indicia on a user document at an IDev.In these embodiments, the IDev sends 142 the scanned image of thegraphical indicia to an RCD directly without performing any credentialextraction. An authentication application on the RCD may then processthe image and extract the credential data from the scanned image. Oncethe credential data is extracted, the RCD may authenticate 146 thecredential data and associate the user with a user account or accesslevel. If the credential data is authenticated and the user's job isauthorized, the RCD application may issue an authorization message tothe IDev. The IDev will receive 148 this message and allow the user toproceed with the job. In some embodiments, access to a remoteapplication may be granted. When the authentication fails, an accessdenied message 147 may be issued by the RCD instructing the IDev torefuse access. Alternatively, the IDev may deny access when noauthorization message is received.

Some embodiments of the present invention may be described withreference to FIG. 15. In these embodiments the user credentials may bereceived 150 at an RCD 60, 126 a-b over a network connection of someother communication link. These credentials may then be authenticated154 with an authentication application at the RCD 60, 126 a-b. In someembodiments, these credentials may be compared or related 156 to anaccess list, database or some other relational system to determinewhether the user is authorized to access system functions andapplications. In some embodiments, authorization may be based on arequested activity or function and a user may be authorized for specificfunctions and not for others.

If the user is authorized, the RCD 60, 126 a-b may send an authorizationmessage 158 to the IDev 120, 30 a-30 d granting access to the requestedfunctions. If the user is not authorized the RCD 60, 126 a-b may send anaccess denial notice 157 to the IDev 120, 30 a-30 d to notify the userthat access has been denied. Alternatively, access may be denied if noauthorization message is received.

Some embodiments of the present invention may be described withreference to FIG. 16. In these embodiments a scanned image containinggraphical indicia is received 160 at an RCD 60, 126 a-b. The RCD maythen extract 162 credentials from the scanned image. These credentialsmay then be authenticated 164 with an authentication application at theRCD 60, 126 a-b. The authentication data may be compared or related 166to an access data to determine whether the user is authorized to accesssystem functions and applications. If the user is authorized, the RCD60, 126 a-b may send an authorization message 168 to the IDev 120, 30a-30 d to allow access. If the user is not authorized the RCD 60, 126a-b may send an access denial notice 167 to the IDev 120, 30 a-30 d tonotify the user that access has been denied. Alternatively, access maybe denied if no authorization message is received.

Some embodiments of the present invention comprise imaging devicesconfigured to work in conjunction with remote computing devices inexemplary systems such as those described below in relation to FIGS.17-18.

Some embodiments of the present invention, illustrated in FIG. 17,comprise an IDev 120, 30 a-30 d that is capable of scanning 170graphical indicia from a user document using a primary document scanner.In some embodiments, the IDev 120, 30 a-30 d may extract 171 credentialsfrom the scanned image and the credentials may then be sent 172 to anRCD 60, 126 a-b for processing. The RCD 60, 126 a-b may then process thecredentials with an authentication application 174 to determine 177whether the user complies with access restrictions. When thisdetermination has been made the RCD 60, 126 a-b, 30 a-30 d may deny 178access or allow 179 access to the IDev 120, 30 a-30 d functions and theother system applications.

Some embodiments of the present invention, illustrated in FIG. 18,comprise an IDev 120, 30 a-30 d that is capable of scanning 180graphical indicia from a user document. These graphical indicia may bescanned directly from a user document using the primary document scanneron the IDev 120, 30 a-30 d. The scanned image may then be sent 181 to anRCD 60, 126 a-b for processing. The RCD 60, 126 a-b may extract 182credentials from the scanned image and process the credentials with anauthentication application 184 to determine 187 whether the usercomplies with access restrictions. When this determination has been madethe RCD 60, 126 a-b, 30 a-30 d may deny 188 access or allow 189 accessto the IDev 120, 30 a-30 d functions and the other system applications.

The terms and expressions which have been employed in the forgoingspecification are used therein as terms of description and not oflimitation, and there is no intention in the use of such terms andexpressions of excluding equivalence of the features shown and describedor portions thereof, it being recognized that the scope of the inventionis defined and limited only by the claims which follow.

1. A method for imaging device credential processing, said methodcomprising: sending menu content and control data, in the form of anXML/SOAP message, from a remote computing device (RCD) to an imagingdevice (IDev) control application programming interface (API), whereinsaid menu content comprises prompts instructing a user to input usercredentials by placing graphical indicia on a primary document scannerand wherein said control data provides control of IDev functions to aremote application on said RCD through said IDev control API whereinsaid remote application disables an IDev function and said remoteapplication activates said primary document scanner via said IDevcontrol API to scan said graphical indicia, wherein said control datafurther comprises instructions to interact with said IDev control API torespond to said RCD remotely performing IDev functions consisting ofobtaining an IDev device status report, retrieving an IDev deviceconfiguration report with a list of installed and supported options,retrieving and setting configurable values on embedded IDev web pages,retrieving and setting values related to configurable IDev keys,retrieving IDev job queue and job history data and reprioritizing ordeleting jobs in the queue, retrieving IDev click counts for IDevfunctions, retrieving IDev data security settings and performing aremote IDev reboot; receiving credentials from said imaging device(IDev), wherein said credentials have been extracted at said IDev fromsaid graphical indicia scanned on the primary document scanner of saidIDev, wherein said document scanner is configured according to imageparameters set by said RCD via an image send API, wherein said imageparameters consist of color, image mode, resolution, file format,original document characteristics, filename, image subject, imagemessage, sender identification, scheduled send time, page division,cover page, file destination, paper thickness and document filingparameters; attempting authentication of said credentials; and sendingan access authorization message to said IDev control API when saidcredentials are successfully authenticated wherein said accessauthorization message enables said IDev function through said IDevcontrol API, wherein said authorization message further specifies jobparameter restrictions based on said authenticated credentials.
 2. Amethod as described in claim 1 wherein said access authorization messageinstructs said IDev to grant user access to remote applications.
 3. Amethod as described in claim 1 wherein said access authorization messageinstructs said IDev to grant user access to a networked documentmanagement system.
 4. A method as described in claim 1 furthercomprising maintaining an account of user activity on said IDev.
 5. Amethod as described in claim 1 wherein said receiving is at leastpartially accomplished with an XML/SOAP message.
 6. An apparatus forimaging device credential processing, said apparatus comprising: a) amenu sender for sending menu content and control data, in the form of anXML/SOAP message, from a remote computing device (RCD) to an imagingdevice (IDev) control application programming interface (API), whereinsaid menu content comprises prompts instructing a user to input usercredentials by placing graphical indicia on a primary document scannerand wherein said control data provides control of IDev functions to aremote application on said RCD through said IDev control API whereinsaid remote application disables an IDev function and said remoteapplication activates said primary document scanner via said IDevcontrol API to scan said graphical indicia, wherein said control datafurther comprises instructions to interact with said IDev control API torespond to said RCD remotely performing IDev functions consisting ofobtaining an IDev device status report, retrieving an IDev deviceconfiguration report with a list of installed and supported options,retrieving and setting configurable values on embedded IDev web pages,retrieving and setting values related to configurable IDev keys,retrieving IDev job queue and job history data and reprioritizing ordeleting jobs in the queue, retrieving IDev click counts for IDevfunctions, retrieving IDev data security settings and performing aremote IDev reboot; b) a receiver for receiving a user credential froman imaging device (IDev), wherein said user credential has beenextracted at said IDev from said graphical indicia scanned on saidprimary document scanner of said IDev, wherein said primary documentscanner is configured according to image parameters set by said RCD viaan image send API, wherein said image parameters consist of color, imagemode, resolution, file format, original document characteristics,filename, image subject, image message, sender identification, scheduledsend time, page division, cover page, file destination, paper thicknessand document filing parameters; c) an authentication application forperforming authentication of said user credential; and d) a sender forsending an access authorization message to said IDev when said usercredential is successfully authenticated wherein said accessauthorization message enables said IDev function through said IDevcontrol API, wherein said authorization message further specifies jobparameter restrictions based on said authenticated credentials.
 7. Anapparatus as described in claim 6 wherein said authorization messageinstructs said IDev to grant user access to remote applications.
 8. Anapparatus as described in claim 6 wherein said authorization messageinstructs said IDev to grant user access to a networked documentmanagement system.
 9. An apparatus as described in claim 6 furthercomprising an accounting application for maintaining an account of useractivity on said IDev.
 10. An apparatus as described in claim 6 whereinsaid receiver and said sender use XML/SOAP messages.